java.lang.Object
  org.apache.velocity.tools.generic.SafeConfig
    org.apache.velocity.tools.generic.EscapeTool

@DefaultKey(value="esc")
public class EscapeTool
Tool for working with escaping in Velocity templates. It provides methods to escape outputs for Velocity, Java, JavaScript, HTML, HTTP, XML and SQL. It also provides methods to render VTL characters that otherwise need escaping.
Example uses:

    $velocity                    -> Please escape $ and #!
    $esc.velocity($velocity)     -> Please escape ${esc.d} and ${esc.h}!

    $java                        -> He didn't say, "Stop!"
    $esc.java($java)             -> He didn't say, \"Stop!\"

    $javascript                  -> He didn't say, "Stop!"
    $esc.javascript($javascript) -> He didn\'t say, \"Stop!\"

    $html                        -> "bread" & "butter"
    $esc.html($html)             -> &quot;bread&quot; &amp; &quot;butter&quot;

    $xml                         -> "bread" & "butter"
    $esc.xml($xml)               -> &quot;bread&quot; &amp; &quot;butter&quot;

    $sql                         -> McHale's Navy
    $esc.sql($sql)               -> McHale''s Navy

    $url                         -> hello here & there
    $esc.url($url)               -> hello+here+%26+there

    $esc.dollar                  -> $
    $esc.d                       -> $

    $esc.hash                    -> #
    $esc.h                       -> #

    $esc.backslash               -> \
    $esc.b                       -> \

    $esc.quote                   -> "
    $esc.q                       -> "

    $esc.singleQuote             -> '
    $esc.s                       -> '

    $esc.newline                 ->
    $esc.n                       ->

    $esc.exclamation             -> !
    $esc.e                       -> !

Example tools.xml config (if you want to use this with VelocityView):

    <tools>
      <toolbox scope="application">
        <tool class="org.apache.velocity.tools.generic.EscapeTool"/>
      </toolbox>
    </tools>
This tool is entirely threadsafe, and has no instance members. It may be used in any scope (request, session, or application).
See Also: StringEscapeUtils
Field Summary | |
---|---|
static java.lang.String | DEFAULT_KEY |
private java.lang.String | key |
Fields inherited from class org.apache.velocity.tools.generic.SafeConfig |
---|
LOCK_CONFIG_KEY, OLD_LOCK_CONFIG_KEY, SAFE_MODE_KEY |
Constructor Summary |
---|
EscapeTool() |
Method Summary | |
---|---|
protected void | configure(ValueParser values) - Does the actual configuration. |
protected java.lang.String | dumpString(java.lang.String string, boolean key) - This code was pulled from the Apache Harmony project. |
java.lang.String | getB() - Renders a backslash (\). |
java.lang.String | getBackslash() - Renders a backslash (\). |
java.lang.String | getD() - Renders a dollar sign ($). |
java.lang.String | getDollar() - Renders a dollar sign ($). |
java.lang.String | getE() - Renders an exclamation mark (!). |
java.lang.String | getExclamation() - Renders an exclamation mark (!). |
java.lang.String | getH() - Renders a hash (#). |
java.lang.String | getHash() - Renders a hash (#). |
java.lang.String | getKey() - Should return the key under which this tool has been configured. |
java.lang.String | getN() - Renders a new line character appropriate for the operating system ("\n" in java). |
java.lang.String | getNewline() - Renders a new line character appropriate for the operating system ("\n" in java). |
java.lang.String | getQ() - Renders a double quotation mark ("). |
java.lang.String | getQuote() - Renders a double quotation mark ("). |
java.lang.String | getS() - Renders a single quotation mark ('). |
java.lang.String | getSingleQuote() - Renders a single quotation mark ('). |
java.lang.String | html(java.lang.Object string) - Escapes the characters in a String using HTML entities. |
java.lang.String | java(java.lang.Object string) - Escapes the characters in a String using Java String rules. |
java.lang.String | javascript(java.lang.Object string) - Escapes the characters in a String using JavaScript String rules. |
java.lang.String | propertyKey(java.lang.Object string) - Escapes the characters in a String using java.util.Properties rules for escaping property keys. |
java.lang.String | propertyValue(java.lang.Object string) - Escapes the characters in a String using java.util.Properties rules for escaping property values. |
protected void | setKey(java.lang.String key) - Sets the key under which this tool has been configured. |
java.lang.String | sql(java.lang.Object string) - Escapes the characters in a String to be suitable to pass to an SQL query. |
java.lang.String | unicode(java.lang.Object code) - Converts the specified Unicode code point and/or escape sequence into the associated Unicode character. |
java.lang.String | url(java.lang.Object string) - Escape the characters in a String to be suitable to use as an HTTP parameter value. |
java.lang.String | velocity(java.lang.Object obj) - Escapes the characters in a String using "poor man's escaping" for Velocity templates by replacing all '$' characters with '${esc.d}' and all '#' characters with '${esc.h}'. |
java.lang.String | xml(java.lang.Object string) - Escapes the characters in a String using XML entities. |
Methods inherited from class org.apache.velocity.tools.generic.SafeConfig |
---|
configure, isConfigLocked, isSafeMode, setLockConfig, setSafeMode |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
public static final java.lang.String DEFAULT_KEY
private java.lang.String key
Constructor Detail |
---|
public EscapeTool()
Method Detail |
---|
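protected void configure(ValueParser values)
Does the actual configuration.
Overrides: configure in class SafeConfig

protected void setKey(java.lang.String key)
Sets the key under which this tool has been configured.
See Also: velocity(java.lang.Object)

public java.lang.String getKey()
Should return the key under which this tool has been configured.
See Also: velocity(java.lang.Object)
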
public java.lang.String velocity(java.lang.Object obj)
Escapes the characters in a String
using "poor man's
escaping" for Velocity templates by replacing all '$' characters
with '${esc.d}' and all '#' characters with '${esc.h}'. This form
of escaping is far more reliable and consistent than using '\' to
escape valid references, directives and macros, though it does require
that you have the EscapeTool available in the context when you later
go to process the result returned by this method.
NOTE: This will only work so long as the EscapeTool is placed in the context using its default key 'esc' or you are using VelocityTools 2.0+ and have put this tool in one of your toolboxes under an alternate key (in which case the EscapeTool will automatically be told what its new key is). If for some strange reason you wish to use an alternate key and are not using the tool management facilities of VelocityTools 2.0+, you must subclass this tool and manually call setKey(String) before using this method.
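The round trip described above, as an added example that is not code from the VelocityTools project. The class names EscapeVelocityRoundTrip and KeyedEscapeTool, the key "safe" and the sample strings are constructed for illustration; it assumes the Velocity engine and VelocityTools jars are on the classpath.

```java
import java.io.StringWriter;
import org.apache.velocity.VelocityContext;
import org.apache.velocity.app.Velocity;
import org.apache.velocity.tools.generic.EscapeTool;

public class EscapeVelocityRoundTrip {
    // Hypothetical subclass for the manual case in the NOTE: setKey(String)
    // is protected, so a subclass calls it when no toolbox manages the key.
    static class KeyedEscapeTool extends EscapeTool {
        KeyedEscapeTool(String key) { setKey(key); }
    }

    // Evaluates a VTL fragment against the context and returns the output.
    static String render(VelocityContext ctx, String vtl) throws Exception {
        StringWriter out = new StringWriter();
        Velocity.evaluate(ctx, out, "esc-demo", vtl);
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        Velocity.init();
        // Constructed sample: text meant for literal display that happens
        // to contain a reference and a directive.
        String text = "Total: $secret #set($x = 1)$x";

        EscapeTool esc = new EscapeTool();
        VelocityContext ctx = new VelocityContext();
        ctx.put("esc", esc);          // default key that velocity() emits
        ctx.put("secret", "s3cr3t");  // constructed value the text should not read

        // 1. Unescaped: Velocity resolves $secret and runs #set.
        System.out.println("raw      : " + render(ctx, text));

        // 2. Escaped: '$' and '#' become ${esc.d} and ${esc.h}, so a later
        //    evaluation reproduces the text instead of interpreting it.
        String escaped = esc.velocity(text);
        System.out.println("escaped  : " + escaped);
        System.out.println("rendered : " + render(ctx, escaped));

        // 3. Alternate key: the tool must know its key, and the later
        //    context must hold the tool under that same key.
        EscapeTool keyed = new KeyedEscapeTool("safe");
        VelocityContext other = new VelocityContext();
        other.put("safe", keyed);
        other.put("secret", "s3cr3t");
        System.out.println("alt key  : " + render(other, keyed.velocity(text)));
    }
}
```

If the escaped text is later evaluated in a context that lacks the tool under the emitted key, the ${esc.d} and ${esc.h} references are left unresolved and the output no longer matches the original text.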
Parameters: obj - the string value that needs escaping
Returns: null if null string input

public java.lang.String java(java.lang.Object string)
Escapes the characters in a String using Java String rules.
Delegates to StringEscapeUtils.escapeJava(String).
Parameters: string - the string to escape values, may be null
Returns: null if null string input
See Also: StringEscapeUtils.escapeJava(String)

public java.lang.String propertyKey(java.lang.Object string)
Escapes the characters in a String using java.util.Properties rules for escaping property keys.
Parameters: string - the string to escape values, may be null
Returns: null if null string input
See Also: dumpString(String, boolean)

public java.lang.String propertyValue(java.lang.Object string)
Escapes the characters in a String using java.util.Properties rules for escaping property values.
Parameters: string - the string to escape values, may be null
Returns: null if null string input
See Also: dumpString(String, boolean)

protected java.lang.String dumpString(java.lang.String string, boolean key)
This code was pulled from the Apache Harmony project.

public java.lang.String javascript(java.lang.Object string)
Escapes the characters in a String using JavaScript String rules.
Delegates to StringEscapeUtils.escapeJavaScript(String).
Parameters: string - the string to escape values, may be null
Returns: null if null string input
See Also: StringEscapeUtils.escapeJavaScript(String)

public java.lang.String html(java.lang.Object string)
Escapes the characters in a String using HTML entities.
Delegates to StringEscapeUtils.escapeHtml(String).
Parameters: string - the string to escape, may be null
Returns: String, null if null string input
See Also: StringEscapeUtils.escapeHtml(String)

public java.lang.String url(java.lang.Object string)
Escape the characters in a String to be suitable to use as an HTTP parameter value.
Parameters: string - the string to escape, may be null
Returns: String, null if null string input
See java.net.URLEncoder#encode(String,String).

public java.lang.String xml(java.lang.Object string)
Escapes the characters in a String using XML entities.
Delegates to StringEscapeUtils.escapeXml(String).
Parameters: string - the string to escape, may be null
Returns: String, null if null string input
See Also: StringEscapeUtils.escapeXml(String)

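public java.lang.String sql(java.lang.Object string)
Escapes the characters in a String to be suitable to pass to an SQL query.
Delegates to StringEscapeUtils.escapeSql(String).
Parameters: string - the string to escape, may be null
Returns: null if null string input
See Also: StringEscapeUtils.escapeSql(String)

public java.lang.String unicode(java.lang.Object code)
Converts the specified Unicode code point and/or escape sequence into the associated Unicode character.
Parameters: code - the code to be translated/escaped, may be null
Returns: null if input was null
See Also: Character.toChars(int codePoint)
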
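public java.lang.String getDollar()
Renders a dollar sign ($).
See Also: getD()

public java.lang.String getD()
Renders a dollar sign ($).
See Also: getDollar()

public java.lang.String getHash()
Renders a hash (#).
See Also: getH()

public java.lang.String getH()
Renders a hash (#).
See Also: getHash()

public java.lang.String getBackslash()
Renders a backslash (\).
See Also: getB()

public java.lang.String getB()
Renders a backslash (\).
See Also: getBackslash()

public java.lang.String getQuote()
Renders a double quotation mark (").
See Also: getQ()

public java.lang.String getQ()
Renders a double quotation mark (").
See Also: getQuote()

public java.lang.String getSingleQuote()
Renders a single quotation mark (').
See Also: getS()

public java.lang.String getS()
Renders a single quotation mark (').
See Also: getSingleQuote()

public java.lang.String getNewline()
Renders a new line character appropriate for the operating system ("\n" in java).
See Also: getN()

public java.lang.String getN()
Renders a new line character appropriate for the operating system ("\n" in java).
See Also: getNewline()

public java.lang.String getExclamation()
Renders an exclamation mark (!).
See Also: getE()

public java.lang.String getE()
Renders an exclamation mark (!).
See Also: getExclamation()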